Help with a challenge (Sessions)

Zajt
6 years ago

0

Hi!

I need some help with this challenge: Image

I tried logging in with admin as username and test as password, and got the admin email. I have also used Burp to intercept the requests when logging in and resetting the password, but I didn’t find anything that could help me. I also tried adding some symbols (like sending parameters as arrays) into the POST data but it didn’t help. Any thoughts?

Micr0n [micr0n]
6 years ago

0

If you share the link we can take a deeper look; at first glance it is hard to see any flaw.

Zajt
6 years ago

0

@micr0n Here is the link: https://securityshepherd.arizona.edu - you need to register an account though, but it doesn’t take long. Then it is the first challenge under Sergeant.

Micr0n [micr0n]
6 years ago

0

What I saw is that maybe when you submit the mail the password is temporarily changed, so you have two options (Any email is delivered): 1- Guessing the reset password. 2- Don’t reset the password, because it has something related to the mail.

Zajt
6 years ago

0

@micr0n Okay, but if I don’t reset it, what should I do to get the key?
